CVE-2019-14857

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2019-14857
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-14857.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-14857
Downstream
Related
Published
2019-11-26T12:15:10Z
Modified
2025-10-15T10:17:24.444835Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

A flaw was found in modauthopenidc before version 2.4.0.1. An open redirect issue exists in URLs with trailing slashes similar to CVE-2019-3877 in modauthmellon.

References

Affected packages

Git / github.com/openidc/mod_auth_openidc

Affected ranges

Type
GIT
Repo
https://github.com/openidc/mod_auth_openidc
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
5c15dfb08106c2451c2c44ce7ace6813c216ba75
Fixed
ce37080c6aea30aabae8b4a9b4eea7808445cc8e

Affected versions

2.*

2.3.11rc1

v1.*

v1.5
v1.5.1
v1.5.2
v1.5.3
v1.5.4
v1.5.5
v1.6.0
v1.7.0
v1.7.1
v1.7.2
v1.7.3
v1.8.0
v1.8.1
v1.8.10
v1.8.2
v1.8.3
v1.8.4
v1.8.5
v1.8.6
v1.8.7
v1.8.8
v1.8.9

v2.*

v2.0.0
v2.0.0rc1
v2.0.0rc4
v2.1.0
v2.1.1
v2.1.2
v2.1.3
v2.1.4
v2.1.5
v2.1.6
v2.2.0
v2.3.0
v2.3.0rc0
v2.3.0rc3
v2.3.1
v2.3.10
v2.3.10.1
v2.3.10.2
v2.3.11
v2.3.2
v2.3.3
v2.3.4
v2.3.5
v2.3.6
v2.3.7
v2.3.8
v2.3.9
v2.4.0

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "30772766283683049679069991176076912538",
                "200834720458352872239000927432599054556",
                "268582406256955029575533021371666121103",
                "203443991318169960875274308387590868118",
                "27256569015882332525106114472372793671",
                "213359616934871470226653873468927481531",
                "125984577964478178753743932636069738753",
                "60960883149056088299375882059793269702",
                "90919408179549707472043869375519559559",
                "110942310953466835390566375538862996327",
                "35929376823898943158715501983921056725",
                "278456458981022498753495187799786377278",
                "58670272619952572438600042729569866479",
                "262747295073548171532431869284449934861",
                "60250782895766926263150587187029425544",
                "273452412656222341373483408539926164885",
                "42234356881720127507317648207975498354",
                "181978282946665355525965424218095907872",
                "170527201854840473645468252027586248642",
                "58345053571656217559621689999473022069",
                "238709613054337831087281222373547178179",
                "302070185729550035787642713454864562973",
                "294022585640728366201397745220220179668",
                "255695823000723783862562438950232936077",
                "164910019385521574178132602125020525076",
                "129182609441745555012737117847046247978",
                "259012465651778659863724017861802954747",
                "235131091390113697927372088226951045050",
                "110626335685064363849970790361289786028",
                "179890383281753000882715179286643852542",
                "197413357025989139201307536276235522379",
                "85460765129804682721082895775385519482",
                "244429004768617805130294076116288031758",
                "77762228922566300110213188269842535776",
                "308081772636656440643554137980166084860",
                "129691427218730188626182533538681564795",
                "208770191896677617663369925236280477953",
                "273633352825931212159964142390717759708",
                "110626335685064363849970790361289786028",
                "179890383281753000882715179286643852542",
                "319071982523754960662712038138601372341",
                "168876772711598012800350985419227762195"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2019-14857-43fb8d7f",
        "source": "https://github.com/openidc/mod_auth_openidc/commit/5c15dfb08106c2451c2c44ce7ace6813c216ba75",
        "target": {
            "file": "src/mod_auth_openidc.c"
        },
        "signature_type": "Line",
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "digest": {
            "length": 2355.0,
            "function_hash": "198730540251251153998051770731109658292"
        },
        "id": "CVE-2019-14857-68b9b01d",
        "source": "https://github.com/openidc/mod_auth_openidc/commit/5c15dfb08106c2451c2c44ce7ace6813c216ba75",
        "target": {
            "function": "oidc_handle_logout",
            "file": "src/mod_auth_openidc.c"
        },
        "signature_type": "Function",
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "246347999396180479564272321565075111723",
                "49877050722490752050590544487625282645",
                "221524309224459784932391838566938806363",
                "62518930550172297815483977202887614212"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2019-14857-b1e31300",
        "source": "https://github.com/openidc/mod_auth_openidc/commit/ce37080c6aea30aabae8b4a9b4eea7808445cc8e",
        "target": {
            "file": "src/mod_auth_openidc.c"
        },
        "signature_type": "Line",
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "digest": {
            "length": 1529.0,
            "function_hash": "307533773670268419188802876226795419760"
        },
        "id": "CVE-2019-14857-c18a1a3e",
        "source": "https://github.com/openidc/mod_auth_openidc/commit/ce37080c6aea30aabae8b4a9b4eea7808445cc8e",
        "target": {
            "function": "oidc_validate_post_logout_url",
            "file": "src/mod_auth_openidc.c"
        },
        "signature_type": "Function",
        "deprecated": false
    }
]